Microsoft is making Temporary Access Pass generally available. It is a time-limited passcode that allows users to register passwordless authentication methods and recover access to accounts without a password.
According to Microsoft, Temporary Access Pass (TAP) can also be used to set up Windows devices, whether users are setting up their own devices directly or through Windows Autopilot, joining devices to Azure AD, or setting up Windows Hello for Business.
Admins can configure TAP for their organizations with the authentication methods policy. The feature provides controls that can limit TAP assignments to specific users and groups, limit its use to a short period, or set it for one-time use.
Once the authentication method is enabled by policy, a privileged authentication administrator or an authentication administrator can create a TAP for a user, either from the user’s authentication methods blade or through an API, the company says in a blog post.
Admins can also override existing TAPs in the event that a user forgets or loses their previously created TAP.
With a valid TAP, end users can sign in and register security information, including passwordless phone sign-in directly from Microsoft’s Authenticator app, and add a FIDO2 key from the My Security Info page, the company says.
Users can also use it to set up Windows Hello for Business on Azure AD Joined and Hybrid Azure AD Joined machines.
“In scenarios where MFA is required, TAP can also be used as an additional factor,” Microsoft says in a Tech Community blog.
The general availability of TAP comes more than a year after the company announced its public preview.